From the course: CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response
Unlock the full course today
Join today to access over 22,400 courses taught by industry experts or purchase this course individually.
Chain of custody
From the course: CompTIA CySA+ (CS0-002) Cert Prep: 6 Incident Response
Chain of custody
- [Instructor] When evidence is used in court or another formal setting, both parties involved in a dispute have the right to ensure that the evidence presented has not been tampered with during the collection, analysis or storage process. We've already discussed how hashing can be used to verify that digital evidence has not changed. The chain of custody also plays an important role in ensuring the authenticity of evidence. The Chain of Custody, also known as the chain of evidence, provides a paper trail that tracks each time someone handles a piece of physical evidence. In the case of digital forensics, this might include the original hard drive or other primary evidence collected by investigators and used for later analysis. When collecting physical evidence, the evidence should always be placed in an evidence storage bag or other container that is labeled with the date, time and location of collection, the name of…
Contents
-
-
-
-
-
-
Conducting investigations5m 7s
-
Evidence types3m 51s
-
Introduction to forensics4m 6s
-
System and file forensics4m 17s
-
File carving3m 1s
-
Creating forensic images5m 36s
-
Digital forensics toolkit3m 13s
-
Operating system analysis6m 25s
-
Password forensics8m 9s
-
Network forensics4m 50s
-
Software forensics3m 32s
-
Mobile device forensics1m 32s
-
Embedded device forensics2m 50s
-
Chain of custody2m 13s
-
Ediscovery and evidence production3m 15s
-
-